Despite the appetite of contact centers and customers to use digital, human-free engagement channels, voice communications are still desired, necessary, and appropriate for some interactions. Interactions that are particularly complex or require multiple steps are still often best handled by human agents, rather than automated bots.

However, one of the key challenges faced by customers is the authentication process, which refers to the agent on the line ensuring that the person calling in is an authorized user for a specific service. This is important for most account-based relationships, but is particularly important for companies in the financial services, healthcare, hospitality, government, telecommunications, and other industries where personal or financial data is involved.

Typically, a telephone-based agent will ask a caller to verify specific information, including account numbers, the last four digits of their Social Security number, and, depending upon the organization and the sensitivity level of the account, some additional “challenge” questions that ostensibly only the owner of the account knows.

This creates additional friction, for several reasons. For one, answering these questions can take additional time, and for customers that are trying to get a problem or issue addressed, it can exacerbate their frustration. Further, due to the large number of accounts a person may have, it can be difficult to remember challenge questions and their answers, particularly if the customer set up the account months or years prior to the interaction. Some senior citizens may struggle with this type of authentication. Most frustratingly, to improve security often these same authentication questions are asked each time a customer is transferred to a new agent.

Another major concern with this type of information-based authentication is that it allows unauthorized users, such as account holders’ children, to access the account if they can provide this information. Fraudsters are also able to use this method of authentication to confirm information they may have stolen, or is available on the web, thereby providing them access to not only this account, but perhaps others, a consequence of people re-using usernames, passwords, and challenge questions across multiple accounts.

That is where moving to more advanced and secure processes for authenticating genuine users can reduce friction and provide greater security. One of the easiest ways to provide additional security is to employ multifactor authentication. In this case, once a user provides their authenticating information, such as a username, password, and answer to a challenge question, a text message with a one-time PIN will be sent to the mobile device number on file, which will then need to be provided to the agent to continue with the transaction. While this does not stop in-household users or bad actors who may have access to the mobile device from accessing the account, it does prevent fraudsters without the authenticating device to access the account.

Another more complex and robust solution is the use of voice biometrics to secure an account. Biometric authentication uses unique biological characteristics to verify an individual’s identity, and it is generally harder to spoof and more convenient for users, since they do not need to remember passwords, or carry a physical token than can be stolen or lost. Voice authentication is a biometric authentication technique that uses an analysis of a person’s voice to identify their identity. The shape and movement of a person’s mouth and jaw, combined with the individual shape and size of airways and other soft-tissue cavities, influence voice patterns to create voiceprint that is unique to each person. Moreover, recent research that tested voice recognition tools from VoiceVantage (a THC Technologies Corporation subsidiary), Verint, and Microsoft Azure, found that even identical twins’ voice biometrics are not identical, because, according to the research, “voice is just not mere words, it carries the emotional characteristics of the person at the moment of recording.”

Voice prints are made from reciting a specific text or passphrase, and this passphrase is spoken a few times to create a comprehensive sample. When a person uses the passphrase, certain words are compared with the stored voice print. Other systems do not rely on stored recordings, and instead are trained to recognize similarities between individuals’ voice patterns. Once this sample has been captured and enrolled, it is analyzed for unique vocal qualities, including duration, intensity, dynamics, and pitch, and is then templated to compare against future authentication attempts.

To ensure that recordings or synthetic voices are not used to fool the system, liveness detection, a technology that ensures that a voice sample being used is real, can be deployed. Another way to ensure that the user is legitimate is to utilize continuous authentication, which repeatedly verifies an individual’s identity over the length of a session, rather than just once.  

The key advantages of voice recognition include ubiquity, as all phones have microphones, and the process of speaking into the phone is convenient and familiar to most users. It also allows remote authentication and authentication through “smart” devices, such as appliances, so long as the device has mobile voice capabilities.

However, voice biometrics is not as accurate as say, face recognition, and is not suitable when there is a lot of background noise or when a speaker cannot talk at a normal volume (such as in a “quiet” commuter railcar.)

All told, voice biometrics should be considered as an additional security layer, rather than a standalone security solution. Even as the technology improves, the best defense against fraud is to utilize two or more low-friction security approaches to secure sensitive accounts and ensure the customer’s experience is positive.